Mycomplianceoffice Mco
8 CVEs affecting Mycomplianceoffice Mco. Latest disclosed: 2026-07-01. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-53909 | | | 2026-07-01 | MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An auth… |
| CVE-2026-53908 | | | 2026-07-01 | MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid u… |
| CVE-2026-53907 | | | 2026-07-01 | MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application lo… |
| CVE-2026-53906 | | | 2026-07-01 | MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename p… |
| CVE-2026-53905 | | | 2026-07-01 | MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated… |
| CVE-2026-53904 | | | 2026-07-01 | MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previous… |
| CVE-2026-53903 | | | 2026-07-01 | MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint… |
| CVE-2026-53902 | | | 2026-07-01 | MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can mo… |